v1.4.0: IPS 4.2.x support, 1 new feature

* Work around IPS change of policy on redirection in 4.2.x * Allow disabling of site template on authorization page
wohali · Aug 8, 2017 · 5565d3f · 5565d3f
1 parent 8519c97
commit 5565d3f
Show file tree

Hide file tree

Showing 9 changed files with 130 additions and 7 deletions.
diff --git a/data/acpmenu.json b/data/acpmenu.json
@@ -5,6 +5,12 @@
             "controller": "clients",
             "do": "",
             "restriction": "clients_manage"
+        },
+        "settings": {
+            "tab": "community",
+            "controller": "settings",
+            "do": "",
+            "restriction": "settings_manage"
         }
     }
 }
diff --git a/data/acprestrictions.json b/data/acprestrictions.json
@@ -2,6 +2,9 @@
     "oauthserver": {
         "clients": {
             "clients_manage": "clients_manage"
+        },
+        "settings": {
+            "settings_manage": "settings_manage"
         }
     }
 }
diff --git a/data/modules.json b/data/modules.json
@@ -1,7 +1,13 @@
 {
     "admin": {
         "oauthserver": {
-            "default_controller": "clients",
+            "default_controller": "",
+            "protected": false
+        }
+    },
+    "front": {
+        "redirect": {
+            "default_controller": "redirect",
             "protected": 0
         }
     }

diff --git a/data/settings.json b/data/settings.json
@@ -1 +1,6 @@
-[]
+[
+    {
+        "key": "oauth2server_wrap_global_template",
+        "default": "1"
+    }
+]
diff --git a/data/versions.json b/data/versions.json
@@ -7,5 +7,6 @@
     "102002": "1.2.2",
     "102003": "1.2.3",
     "102004": "1.2.4",
-    "103000": "1.3.0"
+    "103000": "1.3.0",
+    "104000": "1.4.0"
 }
diff --git a/dev/lang.php b/dev/lang.php
@@ -1,12 +1,14 @@
 <?php
 
 $lang = array(
-	'__app_oauth2server'	=> "OAuth2 Server",
+    '__app_oauth2server' => "OAuth2 Server",
     'module__oauth2server_client' => "Applications (OAuth2 Clients)",
     'r__clients' => "Clients",
     'r__clients_manage' => "Can manage clients?",
     'menu__oauth2server_oauthserver' => "OAuth2 Server",
     'menu__oauth2server_oauthserver_clients' => "Applications",
+    'menu__oauth2server_oauthserver_settings' => "Settings",
+
     'add_client' => "Add Application",
     'client_name' => "Application Name",
     'client_name_desc' => "Name of the OAuth2 Application (Client)",
@@ -32,4 +34,8 @@
     'authorize_title' => "Authorize external application",
     'authorize_yes' => "Yes",
     'authorize_no' => "No",
+
+    'oauth2server_settings' => "OAuth 2 Server Settings",
+    'oauth2server_wrap_global_template' => 'Wrap authorization page with global template?',
+    'oauth2server_wrap_global_template_desc' => "If enabled, the authorization page will be displayed inside of your website's global template. Disable if you are having problems with redirection or advertisements interrupting the OAuth 2 authorization flow."
 );
diff --git a/interface/oauth/authorize.php b/interface/oauth/authorize.php
@@ -17,7 +17,10 @@
 $member_id = \IPS\Member::loggedIn()->member_id;
 if ( ! $member_id ) {
     // ref parameter is base64 encoding of destination URL
-    $ref_url = \IPS\Settings::i()->base_url . "applications/oauth2server/interface/oauth/authorize.php?" . http_build_query($_GET, null, ini_get('arg_separator.output'), PHP_QUERY_RFC3986);
+    // Since 4.2.0, we have to "Inception" this because login-based redirect can only target an internal URL
+    $real_ref_url = \IPS\Settings::i()->base_url . "applications/oauth2server/interface/oauth/authorize.php?" . http_build_query($_GET, null, ini_get('arg_separator.output'), PHP_QUERY_RFC3986);
+    $real_ref = base64_encode( $real_ref_url );
+    $ref_url = \IPS\Http\Url::internal( 'app=oauth2server&module=redirect&controller=redirect&ref=' . $real_ref, 'front');
     $ref = base64_encode( $ref_url );
     \IPS\Output::i()->redirect( \IPS\Http\Url::internal( 'app=core&module=system&controller=login&ref=' . $ref, 'front', 'login' ) );
 }
@@ -78,8 +81,13 @@
 
     // TODO: Surface scope in template output
     $form = \IPS\Theme::i()->getTemplate( 'server', 'oauth2server', 'front' )->authorize( $client, $scope );
-    $title = \IPS\Member::loggedIn()->language()->addToStack('authorize_title');
-    \IPS\Output::i()->sendOutput( \IPS\Theme::i()->getTemplate( 'global', 'core' )->globalTemplate( $title, $form, true, \IPS\ROOT_PATH ) , 200, 'text/html', \IPS\Output::i()->httpHeaders );
+    if ( \IPS\Settings::i()->oauth2server_wrap_global_template ) {
+        $title = \IPS\Member::loggedIn()->language()->addToStack('authorize_title');
+        \IPS\Output::i()->sendOutput( \IPS\Theme::i()->getTemplate( 'global', 'core' )->globalTemplate( $title, $form, true, \IPS\ROOT_PATH ) , 200, 'text/html', \IPS\Output::i()->httpHeaders );
+    } else {
+        $header = \IPS\Theme::i()->getTemplate( 'global', 'core', 'front' )->logo();
+        \IPS\Output::i()->sendOutput( $header . $form, 200, 'text/html', \IPS\Output::i()->httpHeaders );
+    }
 }
 
 // print the authorization code if the user has authorized your client

diff --git a/modules/admin/oauthserver/settings.php b/modules/admin/oauthserver/settings.php
@@ -0,0 +1,45 @@
+<?php
+/**
+ * @package OAuth2 Server
+ * @author <a href='https://atypical.net'>Joan Touzet</a>
+ * @copyright (c) 2017 Joan Touzet
+ */
+
+namespace IPS\oauth2server\modules\admin\oauthserver;
+
+/* To prevent PHP errors (extending class does not exist) revealing path */
+if ( !defined( '\IPS\SUITE_UNIQUE_KEY' ) )
+{
+    header( ( isset( $_SERVER['SERVER_PROTOCOL'] ) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0' ) . ' 403 Forbidden' );
+    exit;
+}
+
+/**
+ * settings
+ */
+class _settings extends \IPS\Dispatcher\Controller
+{
+    /**
+     * Execute
+     *
+     * @return      void
+     */
+    public function execute()
+    {
+        \IPS\Dispatcher::i()->checkAcpPermission( 'settings_manage' );
+        parent::execute();
+    }
+
+    protected function manage()
+    {
+        \IPS\Output::i()->title = \IPS\Member::loggedIn()->language()->addToStack('settings');
+        $form = new \IPS\Helpers\Form;
+        $form->addHeader( 'oauth2server_settings' );
+        $form->add( new \IPS\Helpers\Form\YesNo( 'oauth2server_wrap_global_template', \IPS\Settings::i()->oauth2server_wrap_global_template ) );
+        if ( $values = $form->values() )
+        {
+            $form->saveAsSettings();
+        }
+        \IPS\Output::i()->output = $form;
+    }
+}
diff --git a/modules/front/redirect/redirect.php b/modules/front/redirect/redirect.php
@@ -0,0 +1,43 @@
+<?php
+
+namespace IPS\oauth2server\modules\front\redirect;
+
+/* To prevent PHP errors (extending class does not exist) revealing path */
+if ( !defined( '\IPS\SUITE_UNIQUE_KEY' ) )
+{
+  header( ( isset( $_SERVER['SERVER_PROTOCOL'] ) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0' ) . ' 403 Forbidden' );
+  exit;
+}
+
+/**
+ * redirect
+ */
+class _redirect extends \IPS\Dispatcher\Controller
+{
+  /**
+   * Execute
+   *
+   * @return	void
+   */
+  public function execute()
+  {
+    parent::execute();
+  }
+
+  /**
+   * Redirect a user to the specified URL.
+   *
+   * @param string $ref The URL to which the member will be redirected, base64 encoded.
+   * @return	void
+   */
+  protected function manage()
+  {
+    $ref = \IPS\Request::i()->ref;
+    /* Did we just log in? */
+    if ( \IPS\Member::loggedIn()->member_id and isset( \IPS\Request::i()->_fromLogin ) ) {
+      \IPS\Output::i()->redirect( base64_decode($ref) );
+    } else {
+      \IPS\Output::i()->redirect( \IPS\Http\Url::internal('') );
+    }
+  }
+}